Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aNCXr9iK7z8QKC8yGPwT8BoN5IY.cer
File:                     aNCXr9iK7z8QKC8yGPwT8BoN5IY.cer (raw, json)
Hash identifier:          SgOXqCFtUx9S8CCDWFWHcm0+iqZcPerTtLD6j3hG6Ik=
Subject key identifier:   68:D0:97:AF:D8:8A:EF:3F:10:28:2F:32:18:FC:13:F0:1A:0D:E4:86
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194206809B7E50609B4FB46CA3295349BE7
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/7c11b819-d459-4136-9987-f0292a87e640/0/68D097AFD88AEF3F10282F3218FC13F01A0DE486.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/7c11b819-d459-4136-9987-f0292a87e640/0/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 05:47:56 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 185.206.253.0/24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:09:b7:e5:06:09:b4:fb:46:ca:32:95:34:9b:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 05:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=68d097afd88aef3f10282f3218fc13f01a0de486
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:99:31:c1:68:a8:22:11:8b:d4:08:44:8f:89:
                    64:1d:38:a8:04:ec:84:9a:c9:30:18:34:61:98:d8:
                    6c:31:c2:8c:72:ee:fb:74:4f:33:c2:ab:b2:0a:69:
                    95:14:50:fe:7e:9a:c9:1c:e7:33:b3:bd:19:73:4a:
                    84:f5:e2:c9:7d:26:7b:f2:e9:73:8a:bf:be:69:a8:
                    e5:39:94:54:73:3f:d2:ce:1f:16:b6:44:69:4b:35:
                    30:ba:ef:c4:29:3e:b1:7b:7a:ae:ed:98:99:11:fc:
                    d3:47:48:e4:35:8e:0e:e7:67:d1:4e:80:d2:af:6e:
                    82:65:a0:52:3d:19:05:70:c5:57:07:fa:b9:cc:fe:
                    65:79:94:26:2b:bd:fb:1a:96:01:8d:e5:b2:4b:77:
                    21:25:a9:84:82:77:65:54:6d:2a:7c:85:fc:02:e7:
                    14:a3:8b:7e:cd:52:a0:4b:6e:ba:7b:f8:6c:30:78:
                    b8:3f:9f:22:39:77:8d:d6:48:7f:e7:c0:4c:d1:a0:
                    eb:a9:61:b3:85:fb:87:ff:9f:41:f5:ca:75:be:7a:
                    f2:94:ac:17:c3:1c:b6:48:fa:cb:0c:f7:e7:37:49:
                    34:71:d0:d6:8e:bd:da:61:bb:fb:16:9c:ce:22:5d:
                    30:7c:fb:1e:c7:b7:f8:14:78:f4:d4:ec:0d:d2:a6:
                    3f:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:D0:97:AF:D8:8A:EF:3F:10:28:2F:32:18:FC:13:F0:1A:0D:E4:86
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/7c11b819-d459-4136-9987-f0292a87e640/0/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/7c11b819-d459-4136-9987-f0292a87e640/0/68D097AFD88AEF3F10282F3218FC13F01A0DE486.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.206.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:8e:83:7d:9e:29:c5:40:59:b6:bf:e7:a4:32:7f:e6:a4:0e:
         28:8b:32:bb:a6:10:00:e1:3c:d6:5d:44:64:ae:b4:b5:10:c2:
         7b:8e:53:46:4e:bb:c3:c9:f1:08:40:b4:96:b0:da:17:3a:e9:
         6c:b4:1f:46:1e:59:01:fc:24:ff:ce:3f:3e:8b:ad:7f:6e:59:
         36:bb:ab:d1:13:43:63:55:f3:48:45:ab:d5:fa:be:61:b2:33:
         b2:7d:80:71:ef:fb:97:a7:89:bd:d7:99:f1:f1:0d:c1:80:ae:
         22:7c:5a:ca:6f:54:11:a8:23:02:12:9b:44:92:03:16:8f:06:
         51:57:7c:c9:63:e1:ff:4e:f7:b3:77:1b:d3:2b:f8:51:b7:6f:
         05:0b:70:4c:90:fe:3e:07:d0:db:9e:81:53:19:46:7c:e8:58:
         91:bc:b0:a5:0b:66:24:8a:3d:13:7b:82:68:be:91:71:60:f7:
         6b:26:b8:94:11:10:c2:cb:f6:ab:4b:9c:5b:d1:17:80:ee:4b:
         4d:de:ac:27:6d:30:f7:52:d3:94:b4:7c:bb:55:81:93:c2:4e:
         1e:82:19:18:1b:d4:ee:f2:a5:0b:bb:a8:9e:6e:f7:3b:be:82:
         33:cf:93:72:4d:8b:bb:b4:4c:20:f4:53:75:e9:7f:4c:66:ed:
         2b:9b:a2:1b
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQgaAm35QYJtPtGyjKVNJvnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDU0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGQwOTdhZmQ4OGFlZjNmMTAyODJmMzIxOGZjMTNmMDFhMGRlNDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopkxwWioIhGL1AhEj4lkHTioBOyE
mskwGDRhmNhsMcKMcu77dE8zwquyCmmVFFD+fprJHOczs70Zc0qE9eLJfSZ78ulz
ir++aajlOZRUcz/Szh8WtkRpSzUwuu/EKT6xe3qu7ZiZEfzTR0jkNY4O52fRToDS
r26CZaBSPRkFcMVXB/q5zP5leZQmK737GpYBjeWyS3chJamEgndlVG0qfIX8AucU
o4t+zVKgS266e/hsMHi4P58iOXeN1kh/58BM0aDrqWGzhfuH/59B9cp1vnrylKwX
wxy2SPrLDPfnN0k0cdDWjr3aYbv7FpzOIl0wfPsex7f4FHj01OwN0qY/ywIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFGjQl6/Yiu8/ECgvMhj8E/AaDeSGMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdjMTFi
ODE5LWQ0NTktNDEzNi05OTg3LWYwMjkyYTg3ZTY0MC8wLzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvN2Mx
MWI4MTktZDQ1OS00MTM2LTk5ODctZjAyOTJhODdlNjQwLzAvNjhEMDk3QUZEODhB
RUYzRjEwMjgyRjMyMThGQzEzRjAxQTBERTQ4Ni5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgME
ALnO/TANBgkqhkiG9w0BAQsFAAOCAQEAgY6DfZ4pxUBZtr/npDJ/5qQOKIsyu6YQ
AOE81l1EZK60tRDCe45TRk67w8nxCEC0lrDaFzrpbLQfRh5ZAfwk/84/Poutf25Z
Nrur0RNDY1XzSEWr1fq+YbIzsn2Ace/7l6eJvdeZ8fENwYCuInxaym9UEagjAhKb
RJIDFo8GUVd8yWPh/073s3cb0yv4UbdvBQtwTJD+PgfQ256BUxlGfOhYkbywpQtm
JIo9E3uCaL6RcWD3aya4lBEQwsv2q0ucW9EXgO5LTd6sJ20w91LTlLR8u1WBk8JO
HoIZGBvU7vKlC7uonm73O76CM8+Tck2Lu7RMIPRTdel/TGbtK5uiGw==
-----END CERTIFICATE-----